For this project, I used the Tenable Vulnerability Management cloud console as the primary interface. Both the Tenable Scan Engine and the Scan Target were deployed as virtual machines on Microsoft Azure, allowing me to simulate an enterprise-style environment. This setup gave me a controlled space to perform scans, apply remediations, and monitor how changes impacted the system's security posture over time.
Introduction to Vulnerability Management:
- What is software vulnerability management?
- Understanding vulnerabilities, scan engines, and remediation.
- Overview of compliance standards like DISA/STIG, CIS, etc.
Hands-On Steps:
- Setting up a virtual machine (VM) for scanning.
- Configuring a Tenable vulnerability scanner.
- Performing compliance checks (e.g., DISA/STIG).
- Identifying vulnerabilities and compliance issues.
- Creating and remediating vulnerabilities.
- Observing results and documenting remediation efforts.
Tools Used:
- Azure (for VM setup with free credits).
- Tenable Vulnerability Management (free trial available).
- LogN Pacific Cyber Range (optional, preconfigured environment).
Environment Setup:
Scan Configuration
- Configure a credentialed Tenable scan that checks for basic vulnerabilities and audits the host against the DISA Windows 10 STIG v3r2.

Initial Scan:
- Perform an initial vulnerability and compliance baseline scan.
- Review and analyze scan results, including failed STIGs. For this lab, we will focus on the following STIGs to Fail/Remediate:
- STIG ID WN10-AU-000505 (Increase size of Security Event Log) - Initial Fail
- STIG ID WN10-SO-000025 (Rename Guest Account) - Initial Fail
- STIG ID WN10-SO-000010 (Disable Guest Account) - Initial Pass
Simulate Vulnerabilities:
- Introduce vulnerabilities such as outdated software (Firefox v110) or misconfigured settings (Enabled Guest Account)
- Intentionally FAIL: STIG ID WN10-SO-000010 by enabling the Guest Account
- Perform a second scan to detect changes.

Remediation:
- Fix vulnerabilities and compliance issues (e.g., uninstall outdated software, modify registry settings to increase security event log size, disable Guest account, rename Guest account, fully update Windows).
- Perform a final scan to confirm remediation.
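
The three STIG remediations above can be scripted and self-checked before the final scan. The following PowerShell is an added example, not the script used in this lab; it assumes an elevated session on the scan target, takes the registry path and the 1024000 KB threshold from the STIG check text for WN10-AU-000505, and uses `LabVisitor` as a placeholder account name.

```powershell
#Requires -RunAsAdministrator
# Added example: remediate and verify the three STIG findings named in this lab.
$ErrorActionPreference = 'Stop'

# WN10-AU-000505: Security event log maximum size must be 1024000 KB or greater.
# Path and value name come from the STIG check text (policy-backed registry value).
$logKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security'
$minSize = 1024000
if (-not (Test-Path $logKey)) { New-Item -Path $logKey -Force | Out-Null }
$current = (Get-ItemProperty -Path $logKey -Name MaxSize -ErrorAction SilentlyContinue).MaxSize
if ($null -eq $current -or $current -lt $minSize) {
    # Only raise the value; a larger size that is already configured is left alone.
    New-ItemProperty -Path $logKey -Name MaxSize -PropertyType DWord -Value $minSize -Force | Out-Null
}

# Find the built-in Guest account by its well-known RID (501), not by name,
# so the lookup still works after the account has been renamed.
function Get-BuiltinGuest {
    Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
}
$guest = Get-BuiltinGuest

# WN10-SO-000010: the built-in Guest account must be disabled.
if ($guest.Enabled) { Disable-LocalUser -SID $guest.SID }

# WN10-SO-000025: the built-in Guest account must be renamed.
$newName = 'LabVisitor'   # placeholder name chosen for this example
if ($guest.Name -eq 'Guest') { Rename-LocalUser -SID $guest.SID -NewName $newName }

# Re-read the live state and report Pass/Fail per STIG ID.
$guest = Get-BuiltinGuest
$size  = (Get-ItemProperty -Path $logKey -Name MaxSize).MaxSize
[pscustomobject]@{
    'WN10-AU-000505' = if ($size -ge $minSize)       { 'Pass' } else { 'Fail' }
    'WN10-SO-000010' = if (-not $guest.Enabled)      { 'Pass' } else { 'Fail' }
    'WN10-SO-000025' = if ($guest.Name -ne 'Guest')  { 'Pass' } else { 'Fail' }
}
```

The local check only confirms the settings were applied; the final Tenable scan remains the record of compliance.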
Document Results:
- Scan 1: You can see the initial vulnerability baseline with the first scan
- Scan 2: A spike occurred when we introduced an outdated version of Firefox
- Scan 3: A dip in vulnerabilities is observed after removing the outdated version of Firefox
- Scan 4: A final dip takes place after fully updating Windows
Completing this lab gave me practical, hands-on experience with vulnerability management—a critical area in cybersecurity. Using Tenable Vulnerability Management in a cloud-based Azure environment, I learned how to:
- Set up and configure virtual machines for secure scanning.
- Perform credentialed scans to detect vulnerabilities and compliance issues.
- Work with compliance benchmarks like DISA STIG, learning how to evaluate and interpret findings.
- Simulate real-world vulnerabilities by introducing misconfigurations (like enabling the Guest account) or outdated software (e.g., Firefox v110).
- Apply effective remediation strategies, such as modifying registry keys, disabling unused accounts, and fully updating the system.
- Track and document changes in the system's security posture across multiple scans.
This lab helped me connect technical concepts to real-world applications, giving me a deeper understanding of how security tools, compliance standards, and system hardening come together to protect enterprise environments.
This experience has sparked a strong interest in exploring more advanced areas of vulnerability and risk management. Moving forward, I'm excited to:
- Dive deeper into automating vulnerability scans and integrating results into broader security workflows.
- Explore additional tools like Nessus Pro, OpenVAS, and Qualys to compare scanning methodologies.
- Learn more about compliance frameworks such as CIS Benchmarks, NIST 800-53, and ISO 27001.
- Begin developing skills in penetration testing to better understand how attackers exploit vulnerabilities—and how defenders can proactively respond.
- Study how vulnerability management fits into larger enterprise security programs, including asset management, patching, and threat modeling.

This lab marks a key step in my cybersecurity journey. It’s helped me build real-world skills, and I’m excited to keep growing in this space!
